P.S. WTF is "double fast flux[tm]"?
Double fast-flux is when not only the TTL is set very low on the A record(s), but also on the NS: https://en.wikipedia.org/wiki/Fast_flux - ferg
On Dec 1, 2016, at 12:38 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <20161201173426.2861.qmail@ary.lan>, "John Levine" <johnl@iecc.com> wrote:
More info here:
https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-netw...
I'm always happy when even a small handful of miscreants are captured and taken off the Internet, but...
The press release itself says that this botnet had been running since 2009. So, you know, are we supposed to break out the champagne and start celebrating because it "only" took LE *seven years* to take down this one botnet and capture a grand total of five cybercriminals?
Like I say, I'm happy that this one botnet was killed, but to my way of thinking, the fact that it took seven years to do so is a testament *not* to the spectacular 21st century capabilities of modern law enforcement, but rather to the ever widening gap between the time scales of law enforcement processes, typically measured in months or years, and the time scales of malicious packets flying around the Internet, usually measured in milliseconds.
The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking itself. And its immune system, such as it is, clearly ain't working. There's going to come a day of reckoning when it will no longer be possible to paper over this sad and self-evident fact. (And no, I'm *not* talking about the fabled "Digital Pearl Harbor". I'm talking instead about the Internet equivalent of the meteor that wiped out the dinosaurs.)
Regards, rfg
P.S. WTF is "double fast flux[tm]"? Is that anything like "double secret probation" from Animal House?
P.P.S. I love this part of the press release, because it is so telling:
"The successful takedown of this server infrastructure was supported by ... Registrar of Last Resort, ICANN..."
Hahahahaha! Yea. Translation, for those of you who do not speak diplomacy-speak: "It isn't hardly just you unofficial anti-spammers and anti-cybercrime volunteers and private security companies that can't manage to get many domain registrars and sometimes even domain registries to lift a finger to help. Even some of us international law enforcement guys, who have badges and everything, were also told to go pound sand by several of the world's worst and most unhelpful registrars and registries. In fact, they were soooooooo colossally unhelpful that in the end, we finally had to go and plead our case all the way up to ICANN, just in order to get anything done."
— Paul Ferguson ICEBRG.io Seattle, Washington, USA
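
The definition given in the reply above (very low TTL on the A records, and for double flux also on the NS records), written as a triage check over dig-style answer lines. This is an added example, not part of the original thread; the 300-second cut-off, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

LOW_TTL = 300  # seconds; assumed cut-off for "very low", tune per environment

# Constructed sample in "name TTL class type rdata" form, as printed by dig.
SAMPLE = """\
; constructed records, documentation address space only
flux.example.     120     IN A   192.0.2.10
flux.example.     120     IN A   198.51.100.7
flux.example.     180     IN NS  ns1.flux.example.
flux.example.     180     IN NS  ns2.flux.example.
single.example.   60      IN A   203.0.113.5
single.example.   86400   IN NS  ns1.hoster.example.
normal.example.   3600    IN A   192.0.2.80
normal.example.   172800  IN NS  ns1.hoster.example.
"""

def parse_records(text):
    """Yield (name, ttl, rtype) per answer line; skip comments and junk."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or not fields[1].isdigit():
            continue
        yield fields[0].lower().rstrip("."), int(fields[1]), fields[3].upper()

def classify(text, low_ttl=LOW_TTL):
    """Map each name to 'double-flux', 'single-flux', 'normal' or 'unknown'."""
    ttls = defaultdict(lambda: defaultdict(list))
    for name, ttl, rtype in parse_records(text):
        if rtype in ("A", "AAAA", "NS"):
            ttls[name]["NS" if rtype == "NS" else "A"].append(ttl)
    verdicts = {}
    for name, by_type in ttls.items():
        a, ns = by_type.get("A"), by_type.get("NS")
        if not a:
            verdicts[name] = "unknown"      # no address records observed
        elif max(a) > low_ttl:
            verdicts[name] = "normal"       # address TTL is not low
        elif ns and max(ns) <= low_ttl:
            verdicts[name] = "double-flux"  # low TTL on A and on NS
        else:
            verdicts[name] = "single-flux"  # low TTL on A only, or NS unseen
    return verdicts

if __name__ == "__main__":
    for name, verdict in sorted(classify(SAMPLE).items()):
        print(f"{name:20} {verdict}")
```

Low TTLs are also normal for CDNs and DNS-based load balancing, so a verdict here is a reason to look closer, not a conviction.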